How can I create a group of LDAP Global Administrators (GA) and Master Admins (MA)?

Request For Information (RFI)

If you want to only have a group of specific users to be Global Administrators, you will have to have a separate AD/LDAP or OU that are separate from their current environment This is due to the fact that CA Strong Authentication is unable to differentiate from groups within the same AD.

If you do want to create a group of Global Administrators, follow the steps below, that are needed to create a separate LDAP Organization for the group of Global Administrators.

         1.            Login as MasterAdmin or GlobalAdmin
         2.            Select Organizations and then Create Organizations
         3.            Enter the following information
                       3a.            Org Name
                       3b.            Display Name
                       3c.            Select Administrator Mechanism to LDAP

         4.            Enter your LDAP Details
         5.            Click next and map the corresponding attributes to your LDAP. Make sure these are correct, because one they are set and the LDAP Organization is enabled,  they will not be able to be reverted.

         6.            Attributes for Encryptions, set to your standards.
         7.            Admins for this org, set to your standards.
         8.            Assign Account types, set to your standards.
         9.            Enable LDAP Org.
        10.          Once the LDAP Org is enabled, you can now search the users that are in this org by clicking on Users and Administrators.

The below steps are to configure a user that is already enrolled in the current org.
        1.          Search for specific user
        2.          Select the user name
        3.          Select Edit
        4.          Select Change Administrator Role
        5.          Select Role to be Global Administrator